Go back Tools & Tips

How security assessment strengthens CTI strategy

By Jônadas Techio on June 9, 2023

In today's hyperconnected world, with an increasing incidence of cyber attacks and data breaches, it has become increasingly critical for organizations to protect their internet-facing assets and mitigate risks from third parties and the supply chain.

The "SolarWinds hack," one of the largest cyber attacks of the 21st century, illustrates these risks well. During the attack, hackers gained access to SolarWinds' networks by compromising their Orion software, impacting dozens of multinational companies and government agencies worldwide. Since then, there has been a notable increase in supply chain incidents, with Gartner predicting that by 2025, 45% of organizations worldwide will have experienced such attacks (a threefold increase compared to 2021).

An effective strategy to reduce these risks is to utilize Security Rating Services (SRS) in conjunction with Cyber Threat Intelligence (CTI) platforms. By combining these tools, companies can gain a comprehensive view of their security posture and proactively detect vulnerabilities that malicious actors may exploit.

In this article, we will discuss the advantages of this strategy and the role it can play in protecting your business against cyber threats.


What are internet-facing assets?

Internet-facing assets are any devices, systems, or applications that can be accessed by anyone on the public internet. These assets may include web servers, email servers, cloud services, IoT devices, mobile applications, and more.

It is not uncommon for large companies to have thousands, tens of thousands, or even more of these assets to manage, including websites, confidential data, employee credentials, cloud workloads, S3 buckets, source code snippets, SSL certificates, and many others.

Internet-facing assets are essential for companies to operate and communicate with their customers, partners, and suppliers. However, discovering, classifying, and managing these assets can be a challenging task.

Among the risks that affect internet-facing assets are:

1. Account compromise: Attackers can use various techniques such as phishing, brute force, credential stuffing, or vulnerability exploitation to gain access to user accounts or administrative accounts, enabling them to steal confidential data, perform malicious actions, or spread malware within the network.
2. Vulnerability exploitation: Attackers can search for and exploit known or unknown vulnerabilities in internet-facing assets, such as software bugs, misconfigurations, outdated versions, or weak encryption. This can allow unauthorized access, code execution, privilege escalation, and even denial-of-service (DoS) attacks.
3. Activity and behavior detection: Attackers can monitor and analyze activities such as network traffic patterns, user interactions, application performance metrics, etc., enabling them to identify targets for attack, discover confidential information, and conceal their malicious activity among normal activities.

These attacks can have serious consequences, such as data breaches or exfiltration, business disruption, reputational damage, or legal liability.

These risks are not limited to the internal scope of the company but also extend to third-party internet-facing assets, such as vendors, suppliers, partners, or customers. These assets may have different security standards, practices, or controls compared to your company, introducing vulnerabilities, threats, or additional exposures that are beyond your control.

To mitigate these risks, it is crucial to have a comprehensive understanding of both your own and third-party internet-facing assets, including inventory, configuration, vulnerabilities, activities, behaviors, and potential threats. However, this can be a challenging task due to the dynamic and distributed nature of such assets and the lack of effective tools and processes for monitoring and discovery.

Cyber Threat Intelligence (CTI) platforms, such as Axur's, are essential tools for organizations to fulfill this task. These platforms leverage data from various sources, such as threat feeds, dark and deep web monitoring, and vulnerability scanning, to provide insights into the latest threats and potential risks faced by an organization.

By analyzing this information, CTI platforms help companies identify and prioritize the most critical vulnerabilities and risks, enabling them to allocate their resources effectively and take proactive, rather than reactive, actions based on threat intelligence and emerging trends. This allows organizations to take preventive measures to mitigate risks before they escalate into major security incidents, reducing the potential impact on their operations and reputation.

While CTI platforms provide critical information about the latest threats and vulnerabilities, Security Rating Services (SRS) complement this work by providing a comprehensive view of an organization's overall security posture, including the supply chain.

SRS can help discover all internet-facing assets across different domains, networks, or cloud environments and identify any unknown, unmanaged, or poorly managed assets. Additionally, SRS can assess the risk level of each asset based on various criteria, such as vulnerability severity, exposure duration, network security, and patch cadence. These assessments provide a benchmark for companies to analyze their performance, compare it against industry standards and competitors, and identify areas that need improvement. They also enable effective communication of risks to stakeholders using standardized metrics, reports, and dashboards.

RiskRecon, a Mastercard company, is the world's largest provider of SRS, serving over 5,500 global customers. Their cloud-based platform offers continuous, accurate, and actionable assessments for both owned and third-party assets.

RiskRecon combines expert analysis and machine learning to collect and evaluate data from millions of publicly accessible sources, providing comprehensive visibility into asset inventory, configurations, vulnerabilities, activities, and threats. Additionally, RiskRecon offers personalized recommendations, guidance, and support to help customers improve their security posture, reduce the attack surface, and mitigate cyber risk.

The use of SRS, such as RiskRecon, brings a competitive advantage in today's digital economy, where security is a key factor for success and trust. By having a clear and accurate picture of both owned and third-party assets and their associated risks, informed and proactive decisions can be made to protect businesses, customers, and reputation against cyber threats.

With cyber threats becoming increasingly prevalent, it is more important than ever for organizations to monitor and understand the risk of their internet-exposed assets in real-time. That is why we, at Axur, are pleased to announce our partnership with RiskRecon, with the goal of fulfilling our mission to make the internet a safer place.

With this initiative, in addition to obtaining detailed information about the latest threats and vulnerabilities, our clients will have access to a high-level view of their overall security posture, including third parties and the supply chain. Through this partnership, Axur continues to set the standard for B2B cybersecurity solutions and is committed to helping organizations stay ahead of cyber threats.

References:
- The SolarWinds cyberattack: The hack, the victims, and what we know
- SolarWinds hack explained: Everything you need to know
- Updated Okta Statement on LAPSUS
- Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
- AT&T alerts 9 million customers of data breach after vendor hack
- 5 Biggest Supply Chain Attacks in 2022 (So Far) | ImmuniWeb Security Blog
- Okta says hundreds of companies impacted by security breach | TechCrunch
- Gartner Top Security and Risk Trends in 2022
- Enterprise cybersecurity: Aligning third parties and supply chains